So 'the higher the version, the more up-to-date the software' not always true?

[Guest]

Microsoft windows XP Professional Version 2002 Service Pack 1

I just run the Baseline Security Analyzer on this machine. One report was like this

Security updates that are out of date are marked with a yellow
---------------------------------------------------------------------------
Score Security Update Description Reaso
X MS03-027 Unchecked Buffer File version is greater than
in Windows Shell expected
Could Enable [C:\WINDOWS\system32\shell32.dll, 6.0.2800.1348
System > 6.0.2800.1233
Compromis
(821557

So in this case, higher verion means out of date? That's something new to me

When I tried to installed the security update for windows XP embedded with SP1 (821557), I saw a box with the following message popped up

WEUpdate cannot retrieve information needed for setup from database
Setup cannot continue

Anybody know how I can work around that and get the update installed? What did I miss

Thanks in advance for any help

Bing

 

[Luke]

I emailed MS a while ago about this. What happens here is
that for that patch, the security file records the version
of the files changed.

The security file is maintained from different sources.
If a patch from one source is applied it shows a certain
version.

If another source then changes that file - different patch
for a different purpose but same file, to a newer version
they don't update the old patches details.

The problem is communication between the parties in
microsft. As long as you only update from a valid - legit
source you should not have to worry about it. I get this
all the time and they don't seem to fix it in a hurry.

Cya

 

[Bill Drake]

A "Yellow" Alert in MBSA is an *informational* alert. It tells you
that MBSA detects something that requires a human's attention
to check the details for this item.

Only a "Red" Alert in MBSA means there is definitely a problem
that MBSA understands.

Please note that the above info has been rehashed in nauseating
detail in the MBSA newsgroup -- which is referenced in the MBSA
helpfile as a source for further info on MBSA wrinkles.


It is *perfectly normal* for MBSA to lag the patch-builders in the
various other divisions of the company -- because MBSA can
only be updated after-the-fact, once patches are released by
other divisions in the company.

The MBSA coders aren't mind readers -- nor do they have access
to a functioning time machine. And IMO, it doesn't take a genius
to figure out the above.


Go back and look at your alerts. Since the DLL versions on your
machine are newer than MBSA understands -- they are Yellow
flagged for your manual attention. If you go to the referenced
KB Articles, you should find info noting that subsequent updates
have made the info on the referenced update obsolete.

However, please note that the referenced KB Article can only be
updated *after* the subsequent update is released -- and again
there are mere-mortals involved who maintain the KB -- so there
may be a delay between the release of a subsequent update
and the update to the originating KB Article that MBSA references.


Automated routines *cannot* take the place of human intelligence.
Expecting computers to magically compensate for human stupidity
is unrealistic -- and those who think otherwise will be sorely and
repeatedly disappointed.

For corroborating proof of the above, see any newsgroup that
deals with spyware or viruses.



Best I can do for now. <tm>


Bill

Microsoft windows XP Professional Version 2002 Service Pack 1.

I just run the Baseline Security Analyzer on this machine. One
report was like this:

Security updates that are out of date are marked with a yellow X
--------------------------------------------------------------------------
Score Security Update Description Reason
X MS03-027 Unchecked Buffer File version is
in Windows Shell greater than
Could Enable expected.
System
Compromise [C:\WINDOWS\
(821557) system32\
shell32.dll,
6.0.2800.1348

6.0.2800.1233]

So in this case, higher version means out of date? That's something
new to me.

When I tried to installed the security update for windows XP embedded
with SP1 (821557), I saw a box with the following message popped up:

WEUpdate cannot retrieve information needed for setup from database.
Setup cannot continue.

Anybody know how I can work around that and get the update installed?
What did I miss?

Thanks in advance for any help,


Bing